Commit Graph

8 Commits

Author SHA1 Message Date

Steven
05d2de4c26
- Cleaned up some more rules where 'service: sysmon' was combined with category
- Replaced 'service: sysmon' with category: ... for some more events to make the rules more product independent

       modified:   rules/windows/builtin/win_invoke_obfuscation_obfuscated_iex_services.yml
       modified:   rules/windows/malware/mal_azorult_reg.yml
       modified:   rules/windows/powershell/powershell_suspicious_profile_create.yml
       modified:   rules/windows/process_creation/sysmon_cmstp_execution.yml
       modified:   rules/windows/process_creation/win_apt_chafer_mar18.yml
       modified:   rules/windows/process_creation/win_apt_unidentified_nov_18.yml
       modified:   rules/windows/process_creation/win_hktl_createminidump.yml
       modified:   rules/windows/process_creation/win_mal_adwind.yml
       modified:   rules/windows/process_creation/win_silenttrinity_stage_use.yml
2020-10-02 10:45:29 +02:00

aw350m3
399f378269
att&ck tags review: windows/powershell, windows/process_access, windows/network_connection
2020-08-24 23:31:26 +00:00

aw350m3
ba2e891433
windows/powershell folder reviewed. Old IDs marked with comment “an old one”. These IDs have to be removed in future.
2020-08-24 00:01:50 +00:00

Florian Roth
f4928e95bc
Update powershell_suspicious_profile_create.yml
2020-04-03 09:36:17 +02:00

hieuttmmo
0c07c5ea16
convention
2019-10-25 11:00:05 +07:00

hieuttmmo
e86ab608f2
Update powershell_suspicious_profile_create.yml
2019-10-25 10:53:21 +07:00

hieuttmmo
edb698c7f7
Update powershell_suspicious_profile_create.yml
2019-10-25 00:28:11 +07:00

hieuttmmo
73b10807d8
Rename powershell_susp_profile_create.yml to powershell_suspicious_profile_create.yml
2019-10-25 00:14:39 +07:00